Table of Contents
Advertisement
Application Example 1: Firewall Cluster
This section describes how to configure the traditional firewall implementation, which uses a third-party
high availability firewall cluster, described in
shown in the figure on
VLAN 10 ingress ports. This VLAN has three egress ports (2/9, 2/10, and 3/5) that connect to the third-
party high availability firewall cluster. The firewall cluster is connected to three ports (4/1, 5/3, 7/6) that
belong to standard VLAN 20. This VLAN connects to devices within a private network.
Follow the steps below to configure the necessary high availability VLAN on an OmniSwitch.
1
Create a default VLAN for HA VLAN 10 ports with the
-> vlan 5
2
Assign ports to the new default VLAN with the
-> vlan 5 port default 1/1 2/9 2/10 3/5
3
Configure VLAN 10, which will have the ingress ports, with the
-> vlan 10
4
Assign the ingress port 1/1 to VLAN 10 with the
below:
-> vlan 10 port-mac ingress-port 1/1
5
Assign the egress ports 2/9, 2/10, and 3/5 to VLAN 10 with the
as shown below:
-> vlan 10 port-mac egress-port 2/9-10 3/5
6
Configure standard VLAN 20, which will carry authorized traffic to the private network, with the
command as shown below:
-> vlan 20
7
Assign destination MAC addresses to VLAN 10 with the
command as shown below:
-> mac-address-table port-mac vlan 10 mac 00:95:2A:01:3C:10
page 3-16
"Traditional Firewall Implementation" on page
page
3-7, traffic from the Internet comes into the switch through high availability
Configuring High Availability VLANs
vlan
command as shown below:
vlan port default
command as shown below:
vlan
command as shown below:
vlan port-mac ingress-port
vlan port-mac egress-port
mac-address-table port-mac vlan mac
Release 5.1.6.R02 User Guide Supplement
3-7. As
command as shown
command
vlan
June 2005
Advertisement
Table of Contents
